Listing of the Claims 



At the time of the Action: 

Pending Claims: 1, 3-4, 7-14, 31-34, 37-38, 40-41, 44-46 
Withdrawn Claims: 5, 6, 15-30, 35, 36, 42, 43 and 47-49 
Canceled Claims: 2, 39 and 50-53 

After this Response: 

Pending Claims: 1, 3-4, 7-14, 31-34, 37-38, 40-41, 44-46 
Amended Claims: 1, 31-34, 38, 40, and 46 
Withdrawn Claims: 5, 6, 15-30, 35, 36, 42, 43, and 47-49 
Canceled Claims: 2, 39, 50-53 



1. (Currently Amended) A method, implemented in a computing device, the 
method comprising: 

accessing a new security policy to be implemented by a plurality of security 
engines of the computing device and to be implemented by the plurality of security 
engines in place of a current security policy, the new security policy including a first 
set of rules specific to a first type of security engine and a second set of rules specific to a 
second type of security engine; 

identifying, by a rule set generator of the computing device, which set of rules is 
used by which type of security engines; 

processing, via each of the plurality of security engines, [[processing at least a 
portion of the new security policy]] the identified set of rules specific to its type to establish 
new rules for operation of the security engine while the security engine continues to 
operate according to previous rules; 

[[returning a fail value when]] returning, via each of the plurality of security engines, 
a fail value when it determines that it has not successfully processed the identified set of 
rules [[has determined that it is not ready to begin using the new security policy]]; 

[[returning a pass value when]] returning, via each of the plurality of security engines, 
a pass value when it determines that it has successfully processed the identified set of 
rules [[has determined that it is ready to begin using the new security policy]]; 

receiving an indication to ignore the new set of rules and continue operating each 
of the plurality of security engines according to the previous rules when at least one of 
the plurality of security engines has returned a fail value [[determined that it is not ready to 
begin using the new security policy]]; and 

switching, after receiving a pass value from each of the plurality of security 
engines [[an indication that each of the plurality of security engines has determined it is 
ready to begin using the new security policy]], each of the plurality of security engines to 
the new rules substantially concurrently. 

2. (Canceled). 

3. (Previously Presented) A method as recited in claim 1, wherein switching each 
of the plurality of security engines to the new rules substantially concurrently comprises 
switching each of the plurality of security engines after each of the plurality of security 
engines can nearly ensure that it can begin using the new rules as soon as it receives the 
indication to switch to the new security policy. 

4. (Original) A method as recited in claim 1, wherein the switching comprises 
calling, for each of the plurality of security engines, a function exposed by the security 
engine. 

5. (Withdrawn) A method as recited in claim 1, wherein the switching comprises 
writing a value to a shared data structure. 

6. (Withdrawn) A method as recited in claim 1, wherein the switching comprises 
firing an event across all of the security engines at once. 

7. (Original) A method as recited in claim 1, wherein the plurality of security 
engines includes an antivirus engine. 

8. (Original) A method as recited in claim 1, wherein the plurality of security 
engines includes a firewall engine. 

9. (Original) A method as recited in claim 1, wherein the plurality of security 
engines includes an intrusion detection engine. 

10. (Original) A method as recited in claim 1, wherein the plurality of security 
engines includes a vulnerability analysis engine. 

11. (Original) A method as recited in claim 1, wherein the plurality of security 
engines includes a behavioral blocking engine. 

12. (Original) A method as recited in claim 1, wherein each of the plurality of 
security engines is part of a same application process. 

13. (Original) A method as recited in claim 1, wherein the plurality of security 
engines includes one or more of: an antivirus engine, a firewall engine, an intrusion 
detection engine, a vulnerability analysis engine, and a behavioral blocking engine. 

14. (Original) A method as recited in claim 13, wherein the switching comprises 
one or more of: 

calling, for each of the plurality of security engines, a function exposed by the 
security engine; 

writing a value to a shared data structure; and 

firing an event across all of the security engines at once. 

15. (Withdrawn) One or more computer readable media having one or more 
instructions that, when executed by one or more processors of a device, cause the one or 
more processors to: 

obtain a new security policy for a plurality of security engines of the device; 

notify each of the plurality of security engines of one or more rules from the new 
security policy; and 

wait until each of the plurality of security engines has indicated that it is ready to 
begin using the new security policy; and 

after receipt of an indication that each of the plurality of security engines is ready 
to begin using the new security policy, instruct each of the plurality of security engines to 
begin using the new security policy. 

16. (Withdrawn) One or more computer readable media as recited in claim 15, 
wherein to instruct each of the plurality of security engines to begin using the new 
security policy is to send a switch indication to each of the plurality of security engines 
substantially concurrently. 

17. (Withdrawn) One or more computer readable media as recited in claim 16, 
wherein to send the switch indication is to call, for each of the plurality of security 
engines, a function exposed by the security engine. 

18. (Withdrawn) One or more computer readable media as recited in claim 16, 
wherein to send the switch indication is to write a value to a shared data structure. 

19. (Withdrawn) One or more computer readable media as recited in claim 16, 
wherein to send the switch indication is to fire an event across all of the security engines 
at once. 

20. (Withdrawn) One or more computer readable media as recited in claim 15, 
wherein the plurality of security engines includes one or more of: an antivirus engine, a 
firewall engine, an intrusion detection engine, a vulnerability analysis engine, and a 
behavioral blocking engine. 

21. (Withdrawn) One or more computer readable media as recited in claim 20, 
wherein to instruct each of the plurality of security engines to begin using the new 
security policy is to: 

call, for each of the plurality of security engines, a function exposed by the 
security engine; 

write a value to a shared data structure; and 

fire an event across all of the security engines at once. 

22. (Withdrawn) One or more computer readable media as recited in claim 15, 
wherein the one or more instructions further cause the one or more processors to issue, 
in response to an indication from one of the plurality of security engines that it has failed 
in getting ready to begin using the new security policy, an indication to each of the 
plurality of security engines to ignore the new security policy. 

23. (Withdrawn) A method comprising: 

notifying each of a plurality of security service providers in a computing device of 
one or more new rules; 

waiting until each of the plurality of security service providers has indicated that it 
is ready to begin using the one or more new rules it was notified of; and 

indicating, to each of the plurality of security service providers after receipt of the 
indications that the plurality of security service providers are ready to begin using the one 
or more new rules they were notified of, that the security service provider is to begin 
using the one or more new rules it was notified of. 

24. (Withdrawn) A method as recited in claim 23, wherein each of the plurality of 
security service providers is notified of a different set of one or more new rules. 

25. (Withdrawn) A method as recited in claim 23, wherein the indicating to each 
of the plurality of security service providers that the security service provider is to begin 
using the one or more new rules comprises calling, for each of the plurality of security 
service providers, a function exposed by the security service provider. 

26. (Withdrawn) A method as recited in claim 23, wherein the indicating to each 
of the plurality of security service providers that the security service provider is to begin 
using the one or more new rules comprises writing a value to a shared data structure. 

27. (Withdrawn) A method as recited in claim 23, wherein the indicating to each 
of the plurality of security service providers that the security service provider is to begin 
using the one or more new rules comprises firing an event across all of the security 
service providers at once. 

28. (Withdrawn) A method as recited in claim 23, wherein the plurality of 
security service providers includes one or more of: an antivirus engine, a firewall engine, 
an intrusion detection engine, a vulnerability analysis engine, and a behavioral blocking 
engine. 

29. (Withdrawn) A method as recited in claim 28, wherein the indicating to each 
of the plurality of security service providers that the security service provider is to begin 
using the one or more new rules comprises one or more of: 

calling, for each of the plurality of security service providers, a function exposed 
by the security service provider; 

writing a value to a shared data structure; and 

firing an event across all of the security service providers at once. 



30. (Withdrawn) A method as recited in claim 23, further comprising indicating, 
in response to an indication from one of the plurality of security service providers that it 
has failed in getting ready to begin using the one or more new rules it was notified of, to 
each of the plurality of security service providers to delete the one or more new rules it 
was notified of. 

31. (Currently Amended) One or more computer readable storage media storing 
one or more instructions that, when executed by one or more processors, causes the one 
or more processors to: 

receive information of a new security policy to be used by a plurality of security 
engines, the new security policy including a first set of rules specific to a first type of 
security engine and a second set of rules specific to a second type of security engine; 

identify, by a rule set generator of the computer readable storage media, which 
set of rules is used by which type of security engines; 

process, via each of the plurality of security engines, the identified set of rules 
specific to its type to generate new rules having associated data for operation of the 
security engine; 

[[generate a new set of rules having associated data based on the new security]] 
[[returning a fail value when it is determined that the new set of rules are not ready]] 
[[returning a pass value it is determined that the new set of rules are ready for use;]] 

continue to use a previous set of rules and associated data when each of the 
plurality of security engines determines that it has not successfully processed the 

[[using]] use, upon receiving an indication that each of the plurality of security 
engines determines that it has successfully processed the identified set of rules [[the new 
set of rules are ready for use]], the new set of rules and associated data. 

32. (Currently Amended) One or more computer readable storage media as 
recited in claim 31, wherein the identify which set of rules is used by which type of 
security engines includes inferring which set of rules are associated with which type of 
security engine [[wherein the one or more instructions are part of a security engine]]. 

33. (Currently Amended) One or more computer readable storage media as 
recited in claim 31, wherein the identify which set of rules is used by which type of 
security engines comprises using an identifier associated with each set of rules to identify 
which set of rules is used by which type of security engines [[wherein the information of 
the new security policy comprises one or more rules from which the new set of rules can 
be generated]]. 

34. (Currently Amended) One or more computer readable storage media as 
recited in claim 31, wherein the indication that each of the plurality of security engines 
has successfully processed the identified set of rules [[the new set of rules are ready for use]] 
comprises calling a function to begin using the new set of rules. 

35. (Withdrawn) One or more computer readable media as recited in claim 31, 
wherein the indication to begin using the new set of rules and associated data is 
identified comprises identifying, in a shared data structure, a value indicating to begin 
using the new set of rules and associated data. 

36. (Withdrawn) One or more computer readable media as recited in claim 31, 
wherein the instructions further cause the one or more processors to begin polling an 
event, and wherein the indication to begin using the new set of rules and associated data 
is identified comprises detecting that the event has been fired. 

37. (Previously Presented) One or more computer readable storage media as 
recited in claim 31, wherein the one or more instructions comprises one of: an antivirus 
service provider, a firewall service provider, an intrusion detection service provider, a 
vulnerability analysis service provider, and a behavioral blocking service provider. 

38. (Currently Amended) One or more computer readable storage media as 
recited in claim 37, wherein the indication that each of the plurality of security engines 
has successfully processed the identified set of rules [[the new set of rules are ready for use]] 
comprises one or more of: 

having a function exposed by the one or more instructions invoked; 

identifying, in a shared data structure, a value indicating to begin using the new 
set of rules and associated data; and 

detecting that an event being polled has been fired. 

39. (Canceled). 

40. (Currently Amended) A method, implemented in a security engine of a 
computing device, the method comprising: 

receiving a new security policy to be enforced by a plurality of security engines of 
the computing device, the new security policy including a first set of rules specific to a 
first type of security engine and a second set of rules specific to a second type of security 




identifying, by a rule set generator of the computing device, which set of rules is 
used by which type of security engines; 

processing, via each of the plurality of security engines, the identified set of rules 
specific to its type to establish new rules for operation of the security engine while the 
security engine continues to operate according to previous rules; and 

[[returning a fail value when each of the plurality of security engines has 
determined that it is not ready to begin using the new security policy;]] 

[[returning a pass value when each of the plurality of security engines has 
determined that it is ready to begin using the new security policy;]] 

[[receiving an indication to ignore the new set of rules and continue using a 
previous set of rules when it is determined that the new set of rules are not ready for use;]] 

enforcing, in response to receipt of an indication that each of the plurality of 
security engines has [[it is]] determined that it has successfully processed the identified [[the]] 

set of rules, the new rules on each of the 

plurality of security engines. 

41. (Previously Presented) A method as recited in claim 40, wherein the indication 
comprises calling a function to begin using the new set of rules. 

42. (Withdrawn) A method as recited in claim 40, wherein the indication 
comprises identifying, in a shared data structure, a value indicating to begin using the 
new set of rules. 

43. (Withdrawn) A method as recited in claim 40, wherein the indication 
comprises detecting that an event being polled has been fired. 

44. (Previously Presented) A method as recited in claim 40, wherein the security 
engines includes one or more of: an antivirus engine, a firewall engine, an intrusion 
detection engine, a vulnerability analysis engine, and a behavioral blocking engine. 

45. (Original) A method as recited in claim 44, wherein the indication comprises 
one or more of: 

having a function exposed by the security engine invoked; 

identifying, in a shared data structure, a value indicating to begin using the new 
set of rules and associated data; and 

detecting that an event being polled has been fired. 

46. (Currently Amended) A method as recited in claim 40, further comprising: 

returning, via each of the plurality of security engines, a fail value when it 
determines that it has not successfully processed the identified set of rules; and 

returning, via each of the plurality of security engines, a pass value when it 
determines that it has successfully processed the identified set of rules; 

[[an indication to ignore the new set of rules and continue using a previous set of rules 
when it is determined that the new set of rules are not ready for use comprises receiving 
an indication that the new set of rules are not ready for use]]. 



47. (Withdrawn) A system comprising: 

a policy reader to obtain a new security policy to be enforced on the system; 

a plurality of security service providers; 

a rule set generator to generate, for each of the plurality of security service 
providers, a new set of rules to implement the new security policy; 

a manager to send, to all of the plurality of security service providers at 
substantially the same time, an indication to begin using the new set of rules; and 

wherein each of the plurality of security service providers continues to enforce a 
previous set of rules until instructed to enforce the new set of rules. 

48. (Withdrawn) A system as recited in claim 47, wherein the plurality of security 
service providers includes one or more of: an antivirus engine, a firewall engine, an 
intrusion detection engine, a vulnerability analysis engine, and a behavioral blocking 
engine. 



49. (Withdrawn) A system as recited in claim 48, wherein the manager is to send 
the indication by performing one or more of: 

calling, for each of the plurality of security service providers, a function exposed 
by the security service provider; 

writing a value to a shared data structure; and 

firing an event across all of the security service providers at once. 

50-53. (Canceled). 